nerdexam
(ISC)2

CCSP Question #614: Real Exam Question with Answer & Explanation

The correct answer is B: Cross-site request forgery.

Submitted by andreas_gr · Apr 18, 2026 · Cloud Application Security

Question

Which of the following threat types involves the sending of invalid and manipulated requests through a user's client to execute commands on the application under their own credentials?

Options

  • A. Injection
  • B. Cross-site request forgery
  • C. Missing function-level access control
  • D. Cross-site scripting

Explanation

Cross-site request forgery (CSRF) tricks an authenticated user's browser into sending a forged HTTP request, including the user's session cookies and credentials, to a web application. Because the request appears to come from the legitimate user, the application executes it under that user's credentials and permissions. The attack exploits the trust a site has in the user's browser. Injection (A) involves malicious data executed server-side. Missing function-level access control (C) allows unauthorized users to access protected functions. Cross-site scripting (D) injects malicious scripts into content delivered to other users.

Topics

#Cross-Site Request Forgery #Web Application Security #Application Vulnerabilities #OWASP Top 10
